Peter Stuge wrote:
This is the exact same error that showed up a while ago for Jos, who also used a custom checkpassword program, even if his implementation was in C.
And for Kyle, just slightly before that with his python script.
I've put a copy of my python checkpassword at:
http://lifewithbincimap.org/index.php/Main/CaseStudies
Jos and Roger .. any chance of putting yours there as well? Jos particularly as it seemed to get a very thorough security audit from the list :)
On another note, I would suggest that you rewrite the checkpassword program in C, so that Perl doesn't talk directly to the network.
Peter, just wondering what you mean by this. I feel more confident using higher level languages which make it easier to avoid buffer overflows, and (not sure about perl, but with python) working with uninitialized variables.
andyg.
